Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

ERCOLINO

Membro dello Staff
Amministratore
Registrato
3 Marzo 2003
Messaggi
246.264
Località
Torino
Secunia Advisory: SA31882


Critical: Highly critical
Impact: Security Bypass
Cross Site Scripting
Spoofing
Manipulation of data
Exposure of system information
Exposure of sensitive information
DoS
System access
Where: From remote
Solution Status: Vendor Patch

OS: Apple Macintosh OS X

Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

1) A boundary error in the handling of PostScript font names in Apple Type Services can be exploited to cause a heap-based buffer overflow when a document containing a specially crafted font is viewed.

Successful exploitation may allow execution of arbitrary code.

2) Some vulnerabilities in ClamAV can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or compromise a vulnerable system.

For more information:
SA29000
SA30657

3) An error exists in Directory Services when it is configured to authenticate users with Active Directory. This can be exploited to disclose a list of user names from Active Directory in the Login Window by supplying wildcard characters in the user name field.

4) A vulnerability is caused due to an insecure file operation within the "slapconfig" tool, which can be exploited by a malicious, local user to disclose the password that are entered by administrative users using "slapconfig".

5) An weakness in Finder causes the "Get Info" window to incorrectly display the privileges for a file.

6) A null pointer dereference error exists in Finder when searching for a remote disc. This can be exploited by malicious people with access to the local network to cause Finder to exit immediately after it starts.

7) A vulnerability in ImageIO can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system.

For more information:
SA31610

8) An unspecified error exists in ImageIO when handling TIFF images. This can be exploited to cause a memory corruption and allows crashing an application or potentially arbitrary code execution.

9) An unspecified error in ImageIO when processing embedded ICC profiles in JPEG images can be exploited to crash an application or potentially execute arbitrary code.

10) A vulnerability in ImageIO can be exploited by malicious people to cause a DoS (Denial of Service), disclose potentially sensitive information, or potentially compromise an application using the library.

For more information:
SA29792

11) An error in the Kernel when a vnode is recycled can be exploited by malicious, local users to read or write certain files without proper permissions.

12) A security issue exists in libresolv and mDNSResponder due to DNS query port number not being sufficiently randomised, which can be exploited to poison the DNS cache.

13) A race condition exists in Login Window, which can be exploited to log in as an arbitrary user without providing any credentials if the system has an account without password enabled, e.g. the "Guest" account.

14) A weakness exists due to Login Window not properly clearing the password after a failed password change, which can be exploited by malicious people with access to the Login Screen to reset a user's password.

Successful exploitation requires that a user leaves a system with the error message displayed after a failed password change.

15) A vulnerability and a weakness in OpenSSH can be exploited by malicious, local users to disclose sensitive information or to bypass certain security restrictions.

For more information:
SA29522
SA29602

16) A vulnerability in QuickDraw Manager can be exploited by malicious people to compromise a user's system.

For more information see vulnerability #5 in:
SA31821

17) A vulnerability in Ruby can be exploited by malicious people to cause a DoS (Denial of Service).

For more information:
SA30924

18) Integer overflow errors exist in unspecified functions within the SearchKit framework. These can be exploited to crash an application or execute arbitrary code when an application passes untrusted input to SearchKit.

19) An error in System Configuration exists due to PPP passwords being stored unencrypted in a world readable file.

20) An error exists in Time Machine due to log files being stored with insecure permissions on the backup drive , which can lead to disclosure of sensitive information.

21) A memory corruption error exists in the handling of H.264 encoded media within the VideoConference framework. This can be exploited to crash an application and potentially execute arbitrary code e.g. when a user starts a video conference with a malicious person.

22) Certain input in emails is not properly sanitised before being used in the mailing list archive in Wiki Server. This can be exploited to insert arbitrary HTML and script code, which will be executed in another user's browser session in context of an affected site e.g. when a malicious mail is viewed.

[b ]Solution:
Update to Mac OS X 10.5.5 or apply Security Update 2008-006.[/b]


Bollettino di Sicurezza
 
Indietro
Alto Basso